Absent `_mm_aesdec_si128` and `_mm_aesdeclast_si128`

[norwend]

https://software.intel.com/sites/landingpage/IntrinsicsGuide/#text=_mm_aesdec_si128&expand=262 https://developer.arm.com/architectures/instruction-sets/intrinsics/vaesdq_u8

[jserv]

Check aes-brute-force/src/aes_ni_botan.cpp at first glance.

• [ ] AES extension

  #define AES_DEC_4_ROUNDS(K) \
  do { \
      B0 = _mm_aesdec_si128(B0, K); \
      B1 = _mm_aesdec_si128(B1, K); \
      B2 = _mm_aesdec_si128(B2, K); \
      B3 = _mm_aesdec_si128(B3, K); \
  } while(0)

• [ ] Armv8-A Crypto extension

  #define AES_DEC_4_ROUNDS(K) \
  do { \
      B0 = vaesimcq_u8(vaesdq_u8(B0, K)); \
      B1 = vaesimcq_u8(vaesdq_u8(B1, K)); \
      B2 = vaesimcq_u8(vaesdq_u8(B2, K)); \
     B3 = vaesimcq_u8(vaesdq_u8(B3, K)); \
  } while(0)

[jserv]

Another AES-Crypto mapping example: https://gist.github.com/mmozeiko/f9c999dda7dbb03722409854a1c39cc2

[jserv]

IIRC, @wangxiao1254 implemented _mm_aesimc_si128, _mm_aesdec_si128, and _mm_aesdeclast_si128 with ARMv8 Cryptography Extensions. See https://github.com/f1ed/emp/blob/master/emp-tool/utils/block.h

However, for SSE2NEON, we need ARMv7/non-crypto-ext counterparts.

[jserv]

Drop-in implementations with ARMv8 Cryptography Extensions:

__m128i _mm_aesdec_si128 (__m128i a, __m128i RoundKey) {
    return vaesimcq_u8(vaesdq_u8(a, (__m128i){})) ^ RoundKey;
}
__m128i _mm_aesdeclast_si128 (__m128i a, __m128i RoundKey) {
    return vaesdq_u8(a, (__m128i){}) ^ RoundKey;
}
__m128i _mm_aesimc_si128 (__m128i a) {
    return vaesimcq_u8(a);
}

[jserv]

However, for SSE2NEON, we need ARMv7/non-crypto-ext counterparts.

The portable implementations:

• QEMU target/i386/ops_sse.h: Check helper_aesdec and helper_aesdeclast.
• WebAssembly/design Issue #1433

[jserv]

_mm_aesdec_si128 is implemented in commit 0f28c2539e950cd8dde2f042c39b87cd61c82937 .